Security Analyst

Job Details : Experience : 5 Years

Work Location : Chennai

Work Mode : Hybrid

Roles and Responsibilities :

• 5–7 years of hands-on experience in VAPT, preferably in both application and infrastructure testing.
• Perform manual verification and risk assessment of identified vulnerabilities.
• Track and validate remediation efforts in collaboration with IT and application teams.
• Execute black-box, grey-box, and white-box penetration tests on web applications, APIs, internal systems, external networks, and mobile apps.
• Exploit vulnerabilities in controlled environments to assess real-world risks.
• Simulate advanced threat actor behaviours and pivot through environments for lateral movement analysis.
• Review application architecture and code (static / dynamic analysis) for security issues.
• Work with DevOps and engineering teams to ensure secure SDLC practices are followed.
• Conduct threat modelling and provide recommendations during design and development phases.
• Prepare detailed reports with evidence of vulnerabilities, risk ratings, exploit techniques, and remediation guidance.
• Present findings to both technical and non-technical stakeholders.
• Maintain documentation of test plans, procedures, and assessment tools.
• Solid knowledge of OWASP Top 10, SANS 25, and CVSS scoring.
• Burp Suite, Metasploit, Nmap, Wireshark, Nikto, Hydra, and SQLmap SAST / DAST platforms like Fortify or Veracode
• Proficiency in scripting (Python, Bash, or PowerShell) to build or extend tools.
• Strong understanding of TCP / IP, firewalls, IDS / IPS, and network protocols.
• Familiarity with cloud security (AWS, Azure, or GCP).